Please use this identifier to cite or link to this item:
https://hdl.handle.net/10356/183862
Title: SSL-TLS security flaws: padding oracle and compression-based attacks
Authors: Yin, Jian
Keywords: Computer and Information Science
Issue Date: 2025
Publisher: Nanyang Technological University
Source: Yin, J. (2025). SSL-TLS security flaws: padding oracle and compression-based attacks. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/183862
Project: CCDS24-0426
Abstract: The Secure Socket Layer (SSL) protocol, a security protocol for network communication, was first theorised by engineers at Netscape. It was later developed and released as SSL v2.0 in 1995 for public use [1]. The objective was to provide secure transmission of data between endpoints located around the world. Over the years, security researchers discovered various flaws within the SSL protocol, which led to multiple revisions and enhancements. Eventually, SSL was deprecated and replaced by the Transport Layer Security (TLS) protocol, which is still being used today. TLS is also not immune to security flaws and has also undergone multiple revisions, starting from TLS v1.0 in 2006 to TLS v1.3 in 2024. In this study, we will dive into instances where SSL-TLS have been exploited in the wild, exploring the technical intricacies and motivations for these attacks. In particular, we will investigate Vaudenay’s padding oracle attack from 2002, the Padding Oracle on Downgraded Legacy Encryption (POODLE) attack from 2014 and the Compression Ratio Info-leak Made Easy (CRIME) attack from 2012.
URI: https://hdl.handle.net/10356/183862
Schools: College of Computing and Data Science
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: CCDS Student Reports (FYP/IA/PA/PI)
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.